On Monday, Jul 7, 2003, at 23:12 US/Pacific, Tom Forbes wrote:

This may sound very basic, but I don't understand why pf is behaving in the following manner. To wit, I have a pf.conf file that has two lines:

block in on fxp0 all
block out on fxp0 all

fxp0 is my external interface.

I noticed this morning that despite having been configured with these two lines, I was still able to use AIM. I could not access web-related or smtp-related services on the outside, however (which is what I would expect). But I don't understand why AIM should be accessible.

The state table is always checked before any existing rules. So, if that ruleset was loaded after a state for AIM was created, the AIM connection would still hold. You can check the state table with pfctl -ss.
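The evaluation order described in the reply, as an added example that is not part of the original thread and is not pf's own code: a simplified Python model in which the state table is consulted before the ruleset. The earlier `pass out ... keep state` ruleset, the addresses and all class and function names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    iface: str
    direction: str   # "in" or "out"
    src: tuple       # (ip, port)
    dst: tuple

@dataclass
class Firewall:
    rules: list = field(default_factory=list)  # (action, direction, iface, keep_state)
    states: set = field(default_factory=set)

    @staticmethod
    def _key(pkt):
        return frozenset((pkt.src, pkt.dst))   # one entry covers both directions

    def load_rules(self, rules):
        # Like reloading pf.conf: the ruleset is replaced, states are untouched.
        self.rules = list(rules)

    def flush_states(self):
        # Counterpart of `pfctl -F states`.
        self.states.clear()

    def filter(self, pkt):
        if self._key(pkt) in self.states:      # state lookup happens first
            return "pass (state)"
        action, keep = "pass", False           # implicit pass if nothing matches
        for act, direction, iface, keep_state in self.rules:
            if direction == pkt.direction and iface == pkt.iface:
                action, keep = act, keep_state  # last matching rule wins
        if action == "pass" and keep:
            self.states.add(self._key(pkt))
        return action + " (rule)"

def scenario():
    fw = Firewall()
    # Constructed addresses; 5190 is the AIM port, 80 is web.
    aim = Packet("fxp0", "out", ("192.0.2.10", 40001), ("198.51.100.7", 5190))
    aim_reply = Packet("fxp0", "in", aim.dst, aim.src)
    web = Packet("fxp0", "out", ("192.0.2.10", 40002), ("198.51.100.8", 80))
    fw.load_rules([("pass", "out", "fxp0", True)])   # assumed earlier ruleset
    before = fw.filter(aim)
    fw.load_rules([("block", "in", "fxp0", False), ("block", "out", "fxp0", False)])
    after = [fw.filter(aim), fw.filter(aim_reply), fw.filter(web)]
    fw.flush_states()
    return before, after, fw.filter(aim)
```

In the model, the established AIM connection keeps passing in both directions after the two block rules are loaded, a new web connection is blocked, and the AIM traffic is blocked only once the states are flushed.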



